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"I Formal Models for Computer Security 
Carl E. Landwehr 

^ September 1981 ACM Computing Surveys (CSUR), Volume 13 issue 3 
Publisher: ACM Press 

Full text available: 'P| pdf(2.98 MB) Additional Information: full citation, feferences, citirtas. index term 



A taxonomy for secure object-oriented databases 
Martin S. Olivier, Sebastiaan H. von Solms 

March 1994 ACM Transactions on Database Systems (TODS), Volume 19 Issue 1 
Publisher: ACM Press 

Full text available: 'ffi pdf(3.05 MB) Additional Infornnation: full citation, abstract, references, cilings, index 
* ^ • -V--:.- terms, review 

This paper proposes a taxononny for secure object-oriented databases in order to clarify the 
issues in modeling and implementing such databases. It also indicates some implications of 
the various choices one may make when designing such a database. Most secure database 
models have been designed for relational databases. The object-oriented database model is 
more complex than the relational model. For these reasons, models for secure object- 
oriented databases are more complex than ... 

Keywords: formal security models, information security, multilevel secure databases, 
object-orientation 



Invited papers on the frontiers of software practice: Cybersecurity ^ 
Richard A. Kemmerer 

May 2003 Proceedings of the 25th International Conference on Softvyrare Engineering 
Publisher: IEEE Computer Society 

Full text available: jgfc rpQ 

^ part 1.1 7 i^B) ^ Additional Infornnation: Ml-C|tatjon, abstract, references, index ternns 
PyMsMrSite 

As more business activities are being automated and an increasing number of computers are 
being used to store sensitive information, the need for secure computer systems becomes 
more apparent. This need is even more apparent as systems and applications are being 
distributed and accessed via an insecure network, such as the Internet. The Internet itself 
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has become critical for governments, companies, financial institutions, and millions of 
everyday users. Networks of computers support a multitude ... 

Role-based access control on the v^eb t 
Joon S. Park, Ravi Sandhu, Gail-Joon Ahn 

February 2001 ACM Transactions on Information and System Security (TISSEC), volume 4 

Issue 1 

Publisher: ACM Press 

Additional Information: .felLcitation, abstract, refer^r!.QeSj citings, index 



Full text available: "Pj pdt(331 03 KB) 

^^'^^^^ terms, review 

Current approaches to access control on the Web servers do not scale to enterprise-wide 
systems because they are nnostly based on individual user identities. Hence we were 
motivated by the need to manage and enforce the strong and efficient RBAC access control 
technology in large-scale Web environments. To satisfy this requirement, we identify two 
different architectures for RBAC on the Web, called user-pull and server-pull. To demonstrate 
feasibility, we im ... 

Keywords: WWW security, cookies, digital certificates, role-based access control 

Cryptographic security Techniques for wireless networks t 
Danai Patiyoot, S. J. Shepherd 

April 1999 ACM SZGOPS Operating Systems Review, volume 33 issue 2 
Publisher: ACM Press 

Full text available: ■^4idfillJ2iSE) Additional Information: fqll citation , sj i^strgct , i ncie>^ term? 

This paper deals with security techniques for wireless Networks. The work presented is based 
on a review of literature regarding current and future wireless security networks systems. 
The aspects discussed in this paper included the choices of cryptographic algorithnns such as 
protocols for key management and authentication. Various conclusions are drawn from 
existing security networks and proposed in new wireless ATM network security. Also a 
proposal for future research into security techniques ... 

Keywords: cryptographic, security, wireless 

® Management. gajdMin ^ 
Troy E. Anderson 

March 1992 Proceedings of the 1992 ACM/SIGAPP symposium on Applied computing: 

technological challenges of the 1990's 
Publisher: ACM Press 

Full text available: 'Mi>dflM3,89.KBJ. Additional Information: MLPJtation, references, citings, indexlerms 



^ JncrementaJ„c[yptp3r.^^ ^ 
^ Mihir Bellare, Oded Goldreich, Shafi Goldwasser 

^ May 1995 Proceedings of the twenty-seventh annual ACM symposium on Theory of 
computing 
Publisher: ACM Press 

Full text available: ^p.df(165. MB.). Additional Information: Ml.cjtation, references, citings, jndexjerms 



® .Security..and.usab!l^^^^^ ^ 
Christina Braz, Jean-Marc Robert 
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April 2006 Proceedings of the 18th international conference on Association 
Francophone d'Interaction Homme-Machine IHM '06 



Publisher: ACM Press 

Full text available: pdf(292.60 K8) Additional Information: full citation , abstract, references , index terms 

The usability of security systems has become a major issue in research on the efficiency and 
user acceptance of security systems. The authentication process is essential for controlling 
the access to various resources and facilities. The design of usable yet secure user 
authentication methods raises crucial questions concerning how to solve conflicts between 
security and usability goals. 

Keywords: access control, human factors, security usability, user authentication, user 
interface design 



^ yerifying„Securi^^^^ £ 
Maureen Harris Cheheyl, Morrie Gasser, George A. Huff, Jonathan K. Millen 

^ September 1981 ACM Computing Surveys (CSUR), Volume 13 issue 3 
Publisher: ACM Press 

Full text available: ^jdf{4,6SMB). Additional Infornnation: .fulj..cJtatiQn, references, citings, index terms 



Satchel: providing access to any document, any time, anywhere 
Mik Lamming, Marge Eldridge, Mike Flynn, Chris Jones, David Pendlebury 
^ September 2000 ACi^ Transactions on Computer-Human Interaction (TOCHI), Volume 7 Issue 

3 

Publisher: ACM Press 

Full text available: ^pdt(c391.2.9 KB) Additional Infornnation: full citation , abstract, references , citings , index terms 

Current solutions for providing access to electronic documents while away from the office do 
not meet the special needs of mobile document workers. We describe "Satchel," a system 
that is designed specifically to support the distinctive features of mobile document work. 
Satchel is designed to meet the following five high-level design goals (1) easy access to 
document services; (2) timely document access; (3) streamlined user interface; (4) ubiquity; 
and (5)compliance with securi ... 

Keywords: document access, document appliance, document processing, information 
appliance, mobile computing, mobile work 
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integrating security in a large distributed system £ 
M. Satyanarayanan 

^ August 1989 ACM Transactions on Computer Systems (TOCS), Volume 7 issue 3 
Publisher: ACM Press 

Full text available- Wi pdf(2 90 MB) Additional Infornnation: full citation , abstract , references . cilinQS , index 
^ " terms, review 

Andrew is a distributed computing environment that is a synthesis of the personal computing 
and timesharing paradigms. When mature, it is expected to encompass over 5,000 
workstations spanning the Carnegie Mellon University campus. This paper examines the 
security issues that arise in such an environment and describes the mechanisms that have 
been developed to address them. These mechanisms include the logical and physical 
separation of servers and clients, support for secure communication ... 



Software Engineering for Secure Systems (SESS) Building Trustworthv Applications: t 
Using dynamic information flow analysis to detect attacks against applications 



http://portal.acm.org/resultsxfm?coll=ACM&dl=ACM&CFrD=6288725&CFTOKEN=4408... 12/6/06 



Results (page 1): passwords 1 and secure and file and plurality and authoriz$3 and user an... Page 4 of 6 



Wes Mash, Andy Podgurski 
1^ May 2005 ACM SIGSOFT Software Engineering Notes , Proceedings of the 2005 

workshop on Software engineering for secure systems— building trustworthy 

applications SESS '05, volume 30 issue 4 
Publisher: ACM Press 

Full text available: '^i?df(243.A§.KB). Additional Information: fujicltatjon, abstract, refererrces, index teriPiS 

This paper presents a new approach to using dynannic information flow analysis to detect 
attacks against application software. The approach can be used to reveal and, under some 
conditions, to prevent attacks that violate a specified information flow policy or exhibit a 
known information flow signature. When used in conjunction with automatic cluster analysis, 
the approach can also reveal novel attacks that exhibit unusual patterns of information flows. 
A set of prototype tools implementing the a ... 

Keywords: Computer security, dynamic information flow analysis, intrusion detection, 
observation-based testing, program dependences 



1^ An introduction to muitiievei secure reiational database management systems 
Walid Rjaibi 

October 2004 Proceedings of the 2004 conference of the Centre for Advanced Studies on 

Collaborative research 
Publisher: IBM Press 

Full text available: '^ pdf(126.15 KB) Additional Information: full citation, cibstrc^ct, references, index terms 

Multilevel Security (MLS) is a capability that allows information with different classifications 
to be available in an information system, with users having different security clearances and 
authorizations, while preventing users from accessing information for which they are not 
cleared or authorized. It is a security policy that has grown out of research and development 
efforts funded mostly by the U.S. Department of Defense (DoD) to address some of the 
drawbacks of the single level mode of ... 

Ajecurity.m.odeiM^ 

Carl E. Landwehr, Constance L. Heitmeyer, John McLean 

August 1984 ACM Transactions on Computer Systems (TOCS), Volume 2 issue 3 
Publisher: ACM Press 

Full text available; ^.p.df(l ,76 MB), Additional Information: .fulJ„cltatjon, references, dtinss, indexteirn.?., revjew 



Keywords: confinement, message systems, storage channels 



Mandatory security in object-oriented database systems ^ 
M. B. Thuralsingham 

^ September 1 989 ACM SIGPLAN Notices , Conference proceedings on Object-oriented 

programming systems, languages and applications OOPSLA '89, volume 24 

Issue 10 

Publisher: ACM Press 

Full text available: pdf{ 920.02 KB) Additional Information: full citation, abstract, references, citings, index terms 

A multilevel secure object-oriented data model (using the ORION data model) is proposed for 
which mandatory security issues in the context of a database system is discussed. In 
particular the following issues are dealt with: (1) the security policy for the system, (2) 
handling polyinstantiation, and (3) handling the inference problem. A set of security 
properties that has been established in this paper is more complete than those that have 
been proposed previously. Finally we des ... 
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.EQrmai..guery,Janguages 

Marianne Winslett, Kenneth Smith, Xiaolei Qian 

December 1994 ACM Transactions on Database Systems (TODS), volume 19 issue 4 
Publisher: ACIVI Press 

Full text available: "^p.ciilZAS.MB) Additional Information: fyjj.ciatjpn, abstract, references, citings, |ndex.terms 

The addition of stringent security specifications to the list of requirements for an application 
poses many new problems in DBMS design and implementation, as well as database design, 
use, and maintenance. Tight security requirements, such as those that result in silent 
masking of witholding of true information from a user or the introduction of false information 
into query answers, also raise fundamental questions about the meaning of the database and 
the semantics of accompanying query la ... 

Keywords: formal security models, information security, multilevel secure databases 



^ Reworking, the EP.C.p^^^^^ ^ 
Ajay V. Bakre, B. R. Badrinath 

December 1996 Mobile Networks and Applications, volume i issue 4 
Publisher: Kluwer Academic Publishers 

Full text available: ^.p.df{326,.54..KB) Additional Infornnation: MLcjtatioQ. .abstract references, cJtjngLS, la.texlerms 

Remote Procedure Call (RPC) is a popular paradigmfor designing distributed applications. The 
existing RPC implementations, however, do not allow special treatment of mobile hosts and 
wireless links; which can be a cause of degraded performance and service disruptions in the 
presence of disconnections, moves and wireless errors. In addition, future information 
oriented and location aware mobile applications will also need the ability to dynamically bind 
mobile clients to local information se ... 



A„nested,transactjon..^ ^ 
Elisa Bertino, Barbara Catania, Elena Ferrari 
^ November 2001 ACM Transactions on Information and System Security (TISSEC), volume 4 

Issue 4 

Publisher: ACM Press 

Full text available: ' Qpdf(560.96 KB) Additional Information: full citation, abstract, references, index terries 

This article presents an approach to concurrency control for transactions in a Multilevel 
Secure Database Management System (MLS/DBMS). The major problem is that concurrency 
control mechanisms used in traditional DBMSs are not adequate in a MLS/DBMS, since they 
may be exploited to establish covert channels. The approach presented in this article, which 
uses single-version data items, is based on the use of nested transactions, application-level 
recovery, and notification-based locking protocols. ... 

Keywords: Nested transactions, concurrency control, covert channels, multilevel secure 
database management systems 



''^ A taxonomy of computer program security fiav\/s ^ 
^ Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi 
^ September 1994 ACM Computing Surveys (CSUR), Volume 26 Issue 3 
Publisher: ACM Press 

Full text available: Wi pdS'3. 81 mi Additional Infornnation: full citation, abstract, references, citings, index 
* ^ terms^ review 

An organized record of actual flaws can be useful to computer system designers, 
programmers, analysts, administrators, and users. This survey provides a taxonomy for 
computer program security flaws, with an Appendix that documents 50 actual security flaws. 
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These flaws have all been described previously in the open literature, but in widely separated 
places. For those new to the field of computer security, they provide a good introduction to 
the characteristics of security flaws and how they ... 

Keywords: error/defect classification, security flaw, taxonomy 



20 Labels and event processes in the asbestos operating system t 
^ Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie 
^ Kohler, David Mazieres, Frans Kaashoek, Robert Morris 

October 2005 ACM SIGOPS Operating Systems Review , Proceedings of the twentieth 

ACM symposium on Operating systems principles SOSP '05, volume 39 issue 5 

Publisher: ACM Press 

Full text available: pdft;258.58 KB) Additional Information: full citation, abstract, references, index terms 

Asbestos, a new prototype operating system, provides novel labeling and isolation 
mechanisms that help contain the effects of exploitable software flaws. Applications can 
express a wide range of policies with Asbestos's kernel-enforced label mechanism, including 
controls on inter-process communication and system-wide information flow. A new event 
process abstraction provides lightweight, isolated contexts within a single process, allowing 
the same process to act on behalf of multiple users while ... 

Keywords: event processes, information flow, labels, mandatory access control, secure web 
servers 
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